Codokey Charter
Preamble
Sovereignty begins at the access boundary.
Codokey is founding doctrine for AI Code Access Governance. AI agents are not merely faster developers — they create a new authority layer.
Codokey defines the boundary between code, keys, agents, and authority.
The First Law
The first law of agentic software governance is definition. Undefined authority cannot be audited, bounded, or trusted.
The Problem
The governance gap is not a failure of tools. It is a failure of definition.
In the era of autonomous agents, code is written, modified, and prepared for deployment at machine speed. Post-facto governance is no longer sufficient. When an agent has already read your repository, encountered environment variables, and prepared a pull request, governance becomes retrospective.
Governance must precede autonomy, not follow it.
The Codokey Position
Governance is not the brake. It is the Express Lane.
Governance is the permission structure that lets AI agents move faster safely. The governed organization moves faster because boundaries are already defined.
Five Founding Principles
01 — Define before you deploy
Access boundaries must be established before an AI agent is given repository scope.
02 — Secrets are not code
Credentials and environment variables are a separate layer with separate access rules.
03 — Autonomy requires authority definition
Every agent class must have explicitly documented scope. Undefined authority is a security gap.
04 — Governance debt compounds
Every unscoped AI-assisted change creates dependencies that are harder to unwind at scale.
05 — Vendor-agnostic by design
Tools change. Access boundaries do not.